Overview ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. Impact CVSS Severity (version 2.0): CVSS v2 Base Score:6.4 (MEDIUM) […]
Alert Service
National Cyber-Alert System: NTP Alert (2009−1252)
CERT Alert for NTP Versions before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled. This directly impacts PCI DSS compliance practices using NTP with OpenSSL and autokey to identify end-nodes in NTP service topologies. CERT 2009–1252
Downloads
PCI DSS 6.1 Alert for 10.4 compliance … NTP Security Hole Patched
PCI DSS — 10.4 Compliance Alert — NTP Flaws require immediate attention.